GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,098 advisories
Filter by severity
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Editor.js vulnerable to Code Injection
Moderate
CVE-2022-23474
was published
for
@editorjs/editorjs
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47620
was published
for
@scrypted/server
(npm)
Aug 5, 2024
Scrypted Cross-site Scripting vulnerability
Moderate
CVE-2023-47623
was published
for
@scrypted/core
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id
Moderate
CVE-2024-36422
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Moderate
CVE-2024-36423
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Moderate
CVE-2024-37145
was published
for
flowise
(npm)
Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id
Moderate
CVE-2024-37146
was published
for
flowise
(npm)
Aug 5, 2024
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Moderate
CVE-2024-6833
was published
for
@zowe/cli
(npm)
Jul 17, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Moderate
CVE-2024-34343
was published
for
nuxt
(npm)
Aug 5, 2024
Directus GraphQL Field Duplication Denial of Service (DoS)
Moderate
CVE-2024-39895
was published
for
@directus/env
(npm)
Jul 8, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
Directus Blind SSRF On File Import
Moderate
CVE-2024-39699
was published
for
@directus/api
(npm)
Jul 8, 2024
Directus incorrectly handles `_in` filter
Moderate
CVE-2024-39701
was published
for
directus
(npm)
Jul 8, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Moderate
CVE-2024-41677
was published
for
@builder.io/qwik
(npm)
Aug 6, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Trix has a cross-site Scripting vulnerability on copy & paste
Moderate
CVE-2024-43368
was published
for
trix
(npm)
Aug 14, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Improper access control in Directus
Moderate
CVE-2024-6534
was published
for
directus
(npm)
Aug 15, 2024
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Moderate
CVE-2024-42369
was published
for
matrix-js-sdk
(npm)
Aug 20, 2024
Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor4
(npm)
Aug 21, 2024
mysql2 vulnerable to Prototype Poisoning
Moderate
CVE-2024-21509
was published
for
mysql2
(npm)
Apr 10, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header
Moderate
CVE-2024-43787
was published
for
hono
(npm)
Aug 22, 2024
ProTip!
Advisories are also available from the
GraphQL API